Compliance & Trust

Action Governance

How Fintra decides - per action, in real time - whether a payment, data access, or agent tool-call should proceed, and records the verdict to a ledger.

Updated 9 min read1 labOwner / FounderAccountant

Most security and compliance tooling observes: it scans posture, flags anomalies, and gathers evidence after the fact. Action Governance is the layer that decides - it stands in the path of a consequential action and returns a verdict before that action executes. This doc explains the model, the vocabulary, and how to adopt it without risking a false block on day one.

The model: actor → action → target → context

Every governed decision is expressed in one canonical shape. An actor (a human, a service account, or an AI agent) attempts an action (pay an invoice, delete an IAM policy, export data) on a target (an invoice, a policy, a dataset) within a context (amount, signals, business facts). Fintra routes that request to the engine that owns the domain and returns a single verdict plus a trust score and a tamper-evident proof.

VerdictMeaning
allowProceed - low risk, in policy
step-upProceed with a second factor or second approver
holdStop for explicit human approval
blockDeny
The canonical verdict vocabulary

Different engines historically used different words - one said “deny recommended,” another “require approval.” Fintra normalizes them all onto these four, and any unrecognized verdict fails safe to hold, so a consequential action is never silently allowed.

Adopt it without breaking anything

No team lets a new system block production or hold a payment on the first day. Action Governance is built to be adopted in stages: it decides every action from the start, but what it does with the decision is a setting you raise deliberately.

  1. 1Manual - a human decides; Fintra records the decision.
  2. 2Shadow - Fintra decides and proves, but actuates nothing. You see exactly what it would have held.
  3. 3Assisted - Fintra holds the risky items and releases the safe ones.
  4. 4Enforced - Fintra acts on the verdict at the boundary.

Every decision is provable

A verdict you can’t prove later is a liability. Every decision is sealed with a canonical sha256 hash and written to the tenant-scoped Decision Ledger, so an auditor or an incident review can confirm who decided, on what basis, and that the record hasn’t been changed since.

Hands-on labs

Practice against a realistic scenario. Each lab lists the steps, what you should see, and the checkpoints that confirm you got the same result.

Lab 1

Read a governed decision end to end

Scenario

Northwind Trading runs an AP pay run. A payment to a brand-new vendor whose bank account changed two days ago is in the batch. You want to see how Action Governance handles it.

Steps

  1. 1

    Open the pay run and submit the batch for a decision pass.

    Expected: Each payment gets a verdict; the new-payee/bank-change item is marked hold.

  2. 2

    Open the held item and read its reason.

    Expected: A plain-English reason: new payee plus a recent bank-account change - payout redirect risk.

  3. 3

    Open the Decision Ledger and find the same decision.

    Expected: A row with domain finance, the verdict, a trust score, and a sha256 evidence reference.

Checkpoints - you got it right if…

  • The risky payment was held, not released
  • The reason was explainable, not a bare score
  • The decision appears in the Decision Ledger with a proof hash

Frequently asked questions

What is Action Governance?

It is the decision layer that evaluates a consequential action before it executes and returns a verdict - allow, step-up, hold, or block - then records it to a tamper-evident ledger. It decides what happens, rather than only detecting what already did.

Does Fintra block actions by default?

No. The default posture is simulate/shadow - the verdict is authoritative but holds and containment are computed, not executed. You promote to enforcement per policy once you trust the record.

What are the four verdicts?

Allow (proceed), step-up (proceed with a second factor or approver), hold (stop for human approval), and block (deny). Every engine’s native verdict is normalized onto these four, and anything unknown fails safe to hold.

How is a decision proven later?

Each decision is sealed with a canonical sha256 hash and written to the tenant-scoped Decision Ledger, so it can be verified and shown to have been unchanged since it was recorded.

Ready to try it in your own workspace?

Fintra is the AI Finance Operating System for SMBs - accounting, payroll, planning, HR, and compliance under one login, with governed AI doing the heavy lifting.

Talk to us